Re: [Announce] Security Alert for GnuPG 2.0 - Realloc bug in GPGSM

2010-07-27 Thread Werner Koch
Hi,

some more information about this bug

On Fri, 23 Jul 2010 14:36, w...@gnupg.org said:

> bug was found in GnuPG's GPGSM tool.  It is likely that this bug is
> exploitable by sending a special crafted signed message and having a

On a first view this might actually happen.  However, after some
thinking or well, taking a shower in the morning, I come to the
conclusion that writing an exploit for this bug is a too hard problem
for an entity of the Deep Thought designed computer.

Here is what happens:

1. We parse each subjectAltName and convert it into a plain C string.
   This string is allocated on the heap and the address of that string
   (a pointer) is stored in an array.

2. That array has initially been allocated with space for 100 entries.
   The first two entries are used for the issuer and subject name and
   subjectAltNames are stored following them.

3. If the parser (step 1) wants to store the 99th subjectAltName string,
   the code detects that the array is full and uses realloc to
   reallocate the array with space for 100 more entries.  The 99th
   pointer is then stored in the next slot of the reallocated array.

4. The bug is that we did not complete the reallocation but continued to
   use the old array and may now write out of bounds.  Two cases may
   happen: The realloc function is able to extend the array, in which
   case no harm is done because the missing assignment of the new array
   would have been superfluous as it is the same address.  The more likely
   case is that realloc allocates a new memory block, copies the old
   array to the new array and frees the old array.

5. Thus when writing the 99th subjectAltName string we write into freed
   space, which is a no-no.  We even write out of bounds in the freed
   space, so all kind of harm may happen.  This is always a severe bug
   which is likely to be exploitable.

Now, why do I think this is not exploitable: It is the simple fact that
the attacker can't control the value which is written into the freed
memory block.

The value we are writing comes from our own malloc which at that point
is working as expected because the entire heap has not yet been damaged
(modulo other bugs in the code of course).  Now the heap is corrupted
and all future calls to malloc or free may do weird things.  Usually you
will see a segv then.

To exploit it, an attacker needs to hope that an overwrite (using a
malloc returned pointer) does harmful things but doesn't stop the
execution and continues to parse his certificate.  One of the next
subjectAltNames needs to overwrite a function and set it to (already
existing) code which does the actual attack.

You may prove me wrong, but I doubt that anyone will spend time on
finding such an exploit.  It would be much faster to look for other, not
yet known, bugs.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
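
The pattern described in steps 1 to 5 of the message above, as an added example that is not part of the original post and not GnuPG's code: a simplified C model with the buggy shape kept in a comment beside the corrected append, which assigns realloc's result back before the next store. The names name_list, name_list_append and name_list_fill and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CHUNK 100            /* initial capacity and growth step, as in the post */

struct name_list {           /* hypothetical type, not GnuPG's */
    char **names;            /* slots 0 and 1 hold issuer and subject */
    size_t used, size;
};

/* Buggy shape from step 4, shown for contrast and never compiled:
 *     if (l->used >= l->size) {
 *         char **tmp = realloc(l->names, (l->size + CHUNK) * sizeof *tmp);
 *         if (!tmp) return -1;
 *         l->size += CHUNK;        // "l->names = tmp;" is missing
 *     }
 *     l->names[l->used++] = copy;  // stale pointer: store into freed block
 */
int name_list_append(struct name_list *l, const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (!copy)
        return -1;
    memcpy(copy, s, n);
    if (l->used >= l->size) {
        char **tmp = realloc(l->names, (l->size + CHUNK) * sizeof *tmp);
        if (!tmp) {          /* on failure the old array is still valid */
            free(copy);
            return -1;
        }
        l->names = tmp;      /* adopt the new block before any store */
        l->size += CHUNK;
    }
    l->names[l->used++] = copy;
    return 0;
}

/* Constructed input: issuer, subject, then n_sans subjectAltName strings. */
int name_list_fill(struct name_list *l, int n_sans)
{
    char buf[32];
    memset(l, 0, sizeof *l); /* first append allocates the initial 100 slots */
    if (name_list_append(l, "issuer") || name_list_append(l, "subject"))
        return -1;
    for (int i = 1; i <= n_sans; i++) {
        snprintf(buf, sizeof buf, "san-%d", i);
        if (name_list_append(l, buf))
            return -1;
    }
    return 0;
}
```

With 98 names the array is exactly full; the 99th is the first store that follows a realloc, which is where the stale pointer would have been used.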


Re: file contained no OpenPGPdata

2010-07-27 Thread Charly Avital
Sergey Matveev wrote the following on 7/27/10 12:33 PM:
> Greetings,
> 
> On Tue, Jul 27, 2010 at 09:14:45AM -0700, Cooperider, Brian wrote:
> 
>> Thanks, I'm correct in that GNUPG is not compatible with IDEA but is
>> with casts and 3DES?
> 
> IDEA is patented, that is why default distributions and build of GnuPG
> do not include it. But it can be recompiled and built-in and
> successfully used. GnuPG supports many other various ciphers such as
> CAMELIA, Blowfish, Twofish, AES. You should recompile it with the needed
> ones.
> 



For Windows users, I believe you would need:
ideadll.zip then
ideadll.zip.sig to authenticate, then
expand ideadll.zip and proceed from there.



In my MacOSX system I have:

gpg (GnuPG) 1.4.10
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA (S1), 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7),
AES192 (S8),
AES256 (S9), TWOFISH (S10), CAMELLIA128 (S11), CAMELLIA192 (S12),
CAMELLIA256 (S13)
Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9),
  SHA512 (H10), SHA224 (H11)
Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)


Charly




Re: file contained no OpenPGPdata

2010-07-27 Thread Werner Koch
On Tue, 27 Jul 2010 18:33, stargr...@stargrave.org said:

> successfully used. GnuPG supports many other various ciphers such as
> CAMELIA, Blowfish, Twofish, AES. You should recompile it with the needed
> ones.

In fact the standard demands a preference system where your key declares
what algorithms you support.  3DES is the last resort algorithm and as
such always available.  IDEA for example is an optional algorithm.  An
implementation which uses an algorithm not given in the preferences of
the key is not standard conform.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: file contained no OpenPGPdata

2010-07-27 Thread Sergey Matveev
Greetings,

On Tue, Jul 27, 2010 at 09:14:45AM -0700, Cooperider, Brian wrote:

> Thanks, I'm correct in that GNUPG is not compatible with IDEA but is
> with casts and 3DES?

IDEA is patented, that is why default distributions and build of GnuPG
do not include it. But it can be recompiled and built-in and
successfully used. GnuPG supports many other various ciphers such as
CAMELIA, Blowfish, Twofish, AES. You should recompile it with the needed
ones.

-- 
Happy hacking, Sergey Matveev
FSFE Fellow #1390
FSF Associate member #5968



RE: file contained no OpenPGPdata

2010-07-27 Thread vedaal
On Tue, 27 Jul 2010 12:14:45 -0400 "Cooperider, Brian" wrote:

>Thanks, I'm correct in that GNUPG is not compatible with IDEA but 
>is with casts and 3DES?

yes
(although, gnupg can be made compatible with IDEA if the IDEA 
plugin is used, but it's frowned on because it's not that great of 
an algorithm, it has copyright hassles, etc.)

If you use the option of --pgp6 and generate a dh key in gnupg,
then pgp6.5.8 will automatically use CAST5 when generating that 
key.

(AFAIK, you *cannot* generate a v3 RSA key in gnupg for many 
versions now, and pgp6 will not recognize v4 RSA keys, so you must 
use the --pgp6 option when generating a key, and gnupg will 
automatically pick an old style dh key for you.)


vedaal




RE: file contained no OpenPGPdata

2010-07-27 Thread Cooperider, Brian
Thanks, I'm correct in that GNUPG is not compatible with IDEA but is
with casts and 3DES?

Brian Cooperider
IT Operations
Relay Health
8720 Orion Place, Suite 300
Columbus, OH 43240
614-396-4511
614-885-0033 Fax
http://www.relayhealth.com


-Original Message-
From: gnupg-users-boun...@gnupg.org
[mailto:gnupg-users-boun...@gnupg.org] On Behalf Of ved...@nym.hush.com
Sent: Tuesday, July 27, 2010 11:19 AM
Subject: file contained no OpenPGPdata

Cooperider, Brian Brian.Cooperider at RelayHealth.com wrote on
Mon Jul 26 16:23:02 CEST 2010 :

>We have a customer using pgp command line version 6.5. The file they are
>sending us is giving us the error "file contained no OpenPGData" We are
>using  GnuPG 2.0.12, GPA 0.9.0


How is the pgp user encrypting this?

If it's with symmetric encryption, then pgp6.5.8 uses IDEA by 
default.
(In order for the pgp user to change this default behavior, the 
user needs to use the following command:
pgp +ciphernum=1 -ce filename  (this uses CAST5)
or
pgp +ciphernum=2 -ce filename  (this uses 3DES)

pgp6.5.8 can use only the 3 cipher algos: IDEA, CAST5, or 3DES,  
nothing else.


If they are encrypting to your key, then how did you generate this 
key in gnupg?
You would have needed to use the gnupg option of --pgp6 or pgp6.5.8 
will be unable to use that key.

It might be advisable to download a free commandline version of 
6.5.8 
(available here:  
http://www.pgpi.org/products/pgp/versions/freeware/ )
and set up a test system, and see if you can communicate with it 
using gnupg, and then tell the pgp6.5.8 client what additional 
commandline entries the client needs to use.


vedaal




file contained no OpenPGPdata

2010-07-27 Thread vedaal
Cooperider, Brian Brian.Cooperider at RelayHealth.com wrote on
Mon Jul 26 16:23:02 CEST 2010 :

>We have a customer using pgp command line version 6.5. The file they are
>sending us is giving us the error "file contained no OpenPGData" We are
>using  GnuPG 2.0.12, GPA 0.9.0


How is the pgp user encrypting this?

If it's with symmetric encryption, then pgp6.5.8 uses IDEA by 
default.
(In order for the pgp user to change this default behavior, the 
user needs to use the following command:
pgp +ciphernum=1 -ce filename  (this uses CAST5)
or
pgp +ciphernum=2 -ce filename  (this uses 3DES)

pgp6.5.8 can use only the 3 cipher algos: IDEA, CAST5, or 3DES,  
nothing else.


If they are encrypting to your key, then how did you generate this 
key in gnupg?
You would have needed to use the gnupg option of --pgp6 or pgp6.5.8 
will be unable to use that key.

It might be advisable to download a free commandline version of 
6.5.8 
(available here:  
http://www.pgpi.org/products/pgp/versions/freeware/ )
and set up a test system, and see if you can communicate with it 
using gnupg, and then tell the pgp6.5.8 client what additional 
commandline entries the client needs to use.


vedaal




RE: Find correct key id's

2010-07-27 Thread Mohan Radhakrishnan
Hi,
   I think as a newbie I was confused because --list-packets and BC
API printed two different ID's. Correct me if I am wrong.


It looks like when I use a user id like this and encrypt

gpg --output readme.gpg --recipient test...@test.co.in --encrypt CHANGE.txt

the output from "--list-packets readme.gpg" is 2048-bit RSA key, ID
6540BD43, created 2010-02-11 (main key ID 202AAEDC)


but when I use code like this to get a key for encryption

    while ( rings.hasNext() ) {
        PGPPublicKeyRing ring = (PGPPublicKeyRing) rings.next();
        key = ring.getPublicKey();
        if( null == key ){
            throw new KeyNotFoundException();
        }
        for( Iterator userIds = key.getUserIDs() ; userIds.hasNext() ; ){
            userId = ( String )userIds.next();
        }
        //Read from properties file
        if( userId.equals( "test...@test.co.in" ) ){
            break;
        }
    }

The output from --list-packets is 2048-bit RSA key, ID 202AAEDC, created
2010-02-11

So it looks like in the first instance it shows the sub-key but in the
second case it seems to be showing the main key.

Thanks,
Mohan

-Original Message-
From: MFPA [mailto:expires2...@ymail.com] 
Sent: Tuesday, July 27, 2010 6:16 PM
To: Mohan Radhakrishnan on GnuPG-Users
Cc: Mohan Radhakrishnan
Subject: Re: Find correct key id's


Hi


On Tuesday 27 July 2010 at 12:29:19 PM, in
,
Mohan Radhakrishnan wrote:


> Hi,

> I have some questions about matching key id's.

> 1. I am trying to find the key id of the key that
> encrypted a file so that I can use the corresponding
> decrypting key.

Is "--try-all-secrets" not helping you?

- --
Best regards

MFPA  mailto:expires2...@ymail.com

There is no job so simple that it cannot be done wrong


Re: Find correct key id's

2010-07-27 Thread MFPA

Hi


On Tuesday 27 July 2010 at 12:29:19 PM, in
,
Mohan Radhakrishnan wrote:


> Hi,

> I have some questions about matching key id's.

> 1. I am trying to find the key id of the key that
> encrypted a file so that I can use the corresponding
> decrypting key.

Is "--try-all-secrets" not helping you?

- --
Best regards

MFPA  mailto:expires2...@ymail.com

There is no job so simple that it cannot be done wrong


Find correct key id's

2010-07-27 Thread Mohan Radhakrishnan
Hi,

I have some questions about matching key id's.

1. I am trying to find the key id of the key that encrypted a file so
that I can use the corresponding decrypting key.

2. I am trying to use the correct decrypting key from the keyring using
the code shown here to decrypt.

Appreciate any advice?

Thanks,

Mohan

    PGPSecretKey prk = ( PGPSecretKey )keyIt.next();
    PGPPublicKey puk = prk.getPublicKey();

    sb.append( "Private [" + prk.getKeyID() + "] Public [" + puk.getKeyID() + "]\n" );

    for( Iterator it = puk.getUserIDs() ; it.hasNext() ; ){
        sb.append( "User ID [" + it.next() + "]\n" );
    }




Re: gpg --batch --yes --edit-key trust

2010-07-27 Thread mark
On Tue 27/07/10  9:12 AM , Werner Koch w...@gnupg.org sent:
> On Mon, 26 Jul 2010 10:01, m...@proseconsulting.co.uk said:
> > gpg --fingerprint --list-keys "$1" |\
> > $AWK -v tmpfile="$TMPFILE" -v trustlevel="$2"
>
> Please use --with-colons for all scripts.  The standard output is only
> for humans.

Good spot.  Amended script attached.  I hope others find it useful.

Best regards,
Mark Bannister.



set-gpg-trust
Description: Binary data


Re: gpg --batch --yes --edit-key trust

2010-07-27 Thread Werner Koch
On Mon, 26 Jul 2010 10:01, m...@proseconsulting.co.uk said:

> gpg --fingerprint --list-keys "$1" |\
> $AWK -v tmpfile="$TMPFILE" -v trustlevel="$2" '

Please use --with-colons for all scripts.  The standard output is only
for humans.  Something like

 gpg --with-colons  --with-fingerprint --list-keys "$1" |\
 $AWK -F: -v tmpfile="$TMPFILE" -v trustlevel="$2" '
 $1 == "fpr" { fpr=$10 }

should do the job.



Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

